DDoS Attack Sends Hong Kong Stock Exchange Back to Paper

The Hong Kong stock exchange has been forced to resort to using emails and newspaper adverts in order to communicate with investors after two days of sustained DDoS attacks against its news disclosure website.

From 12 August, HKEx said it would buy adverts in local newspapers with information on company results releases, backed up by emails to exchange and clearing participants. A bulletin board website has also been brought into use.

None of these solutions is exactly ideal – the news website offered a complete picture of company results in a timely way designed to comply with international listing rules that ensure transparency on stocks, but HKEx has obviously decided that its website remains a target.

The HKEx news site was back online on Thursday but the company said it was still detecting incoming DDoS disruption attempts, hence the need to offer backups on an ongoing basis.

The DDoS attack that downed the site began on Wednesday lunchtime local time, causing the stocks of several companies, including HSBC, China Power International, Cathay Pacific, and HKEx itself, to be suspended.

Exactly who has attacked the exchange and why remains unknown. Chief Executive Officer Charles Li said the DDoS traffic was from outside Hong Kong itself, which is no great revelation. DDoS attacks muster bot computers, which by definition can be more or less anywhere, but mainland China will remain a big suspect.

“Over the long-term, The Stock Exchange of Hong Kong, in consultation with the Listing Committee and the Securities and Futures Commission (SFC), will explore the feasibility of an enhanced distribution model whereby the transparency of the market relating to issuers’ disclosure will be expanded beyond the HKExnews website,” the HKEx announced in order to ward off further disruption.

Meantime, HKEx has bolted on better DDoS protection, basically a system at ISP level for detecting and blocking rogue packets. One complexity is that attackers can switch to using other bots if they are determined enough; blocking remains a cat and mouse defence.

The financial world has speculated about the possible motivation, but in truth DDoS is simply a part of online life for many large companies. Many are attacked, but only the high-profile or less well-defended sites make it to the headlines.